{"id":113300,"date":"2024-08-01T11:30:00","date_gmt":"2024-08-01T15:30:00","guid":{"rendered":"https:\/\/jumpcloud.com\/?p=113300"},"modified":"2024-10-08T14:30:54","modified_gmt":"2024-10-08T18:30:54","slug":"intune-vs-jumpcloud-for-discovering-shadow-it","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/intune-vs-jumpcloud-for-discovering-shadow-it","title":{"rendered":"Intune vs. JumpCloud for Discovering Shadow IT"},"content":{"rendered":"\n
People who don\u2019t have the tool to get a job done will find one that works. That\u2019s why shadow IT<\/a>, software or services that are unaccounted for and unauthorized, exists. It may even underlie important business processes, which is why it\u2019s extremely important to discover what\u2019s really out there.<\/p>\n\n\n\n Shadow IT creates security concerns, can impact operations, and easily becomes a roadblock on the path to digital transformation. The overall impact is that it makes managing your infrastructure a lot more complicated from onboarding new hires to supporting business needs.<\/p>\n\n\n\n This article will assist you in your efforts to identify shadow IT and make it possible using the fewest resources. It also compares JumpCloud’s open directory platform and Microsoft Intune for auditing application usage and provides additional resources to help you along the way.<\/p>\n\n\n\n Discovering and managing shadow IT requires a multipronged approach. You can\u2019t just buy a secure, compliant, and efficient IT environment. By implementing these strategies, you\u2019ll gain better visibility into your IT environment and mitigate the risks associated with shadow IT.<\/p>\n\n\n\n Check out this article on shadow IT statistics and solutions<\/a>.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n Do you have any specific concerns or areas where you suspect shadow IT might be occurring? Conduct surveys and interviews with employees to understand what tools they are using and why. Even still, there\u2019s no substitute for walking the floor: you\u2019ll be amazed at what you uncover. <\/p>\n\n\n\n For instance, employees may use macros in word processing apps for reporting. Policy baselines can impact that workflow, which may prevent work from happening. The person in charge of reporting can tell you how important the macros are to their job, if you\u2019re willing to go to them and ask the right questions. Try to remember to actively listen and avoid punishing people for using unauthorized apps, especially if they were in place before your time.<\/p>\n\n\n\n CASBs can help you discover and manage shadow IT by monitoring cloud app usage and identifying unsanctioned apps. You\u2019ll gain greater visibility and be able to perform a risk assessment on any discovered SaaS apps. CASBs are often used for data loss prevention and control and enforcement of policies for compliance and security purposes. Note that a small- to medium-sized enterprise (SME) may not require all of the capabilities that a CASB provides.<\/p>\n\n\n\n Image credit: <\/em>WireShark<\/em><\/a><\/p>\n\n\n\n Network monitoring includes using tools to track unusual data patterns or irregularities, which can indicate the use of unapproved applications or services. There are numerous free and open source network monitoring tools<\/a> available to use; however, it can be challenging work. Some free and open source tools include Cacti, Prometheus, WireShark, and Zabbix. <\/p>\n\n\n\n Some of the challenges of using network monitoring are:<\/p>\n\n\n\n Conduct regular audits that focus on software and application usage. This can help uncover instances of shadow IT and usage patterns that show how widespread it is. Schedule regular audits to ensure ongoing compliance and to address any new risks that may arise.<\/p>\n\n\n\n \n Casting IT Into the Shadows <\/p>\n \n What you can\u2019t see CAN hurt you when it comes to shadow IT. Learn six key shadow IT risks and how to address them proactively. <\/p>\n <\/div>\n Follow the money by using spend management solutions to track purchases of software and services that may not have gone through the official IT procurement process. Expense reports will help identify what\u2019s really out there, especially on mobile devices.<\/p>\n\n\n\n Educate employees about the risks of shadow IT and encourage them to use approved tools and services. Engaging with departments to understand their needs can also help reduce the temptation to use unapproved solutions. Be approachable and collaborative.<\/p>\n\n\n\n Utilize SaaS management platforms to discover and manage unauthorized software usage. Some single sign-on (SSO) platforms will offer this capability without the need to use point solutions.<\/p>\n\n\n\n SaaS management falls under the wider umbrella of IT asset management<\/a>. It provides visibility into all SaaS applications used within an organization, monitors usage, assesses risks, manages costs, and enforces IT policies to ensure security and compliance. It helps identify and control shadow IT, optimizing software spending and improving overall efficiency. <\/p>\n\n\n\n Check out this free resource<\/a>: The MSP\u2019s Guide to Combating Shadow IT.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n It\u2019s possible to begin the audit process without purchasing any new tools. You can leverage what you already \u201cown\u201d to account for shadow IT. For example, device management platforms like Intune and JumpCloud have features that audit devices for their app inventories, and more.<\/p>\n\n\n\n Microsoft Intune<\/a> is a cross-OS device management platform that\u2019s optimized for Windows. It\u2019s an add-on to Azure AD (now known as Entra ID), but they\u2019re often bundled together. Azure AD won\u2019t discover shadow IT: it\u2019s a pure play identity and access management (IAM) solution.<\/p>\n\n\n\n Intune will inventory which apps are present on enrolled devices. Select Apps > Monitor > Discovered apps to see which apps are installed among managed devices.<\/p>\n\n\n\n You may also examine installed apps by device. It will return a listing of discovered apps with app names and versioning information. The list is exportable on a per-device basis and differs by OS<\/a>. This is how that report looks for a Windows PC in the devices blade:<\/p>\n\n\n\n Note:<\/strong> Don’t be confused with app monitoring and assignments that are managed under Apps > All apps. That feature is used to deploy apps throughout your fleet.<\/p><\/div><\/div><\/div>\n\n\n\n These reports are focused on locally installed apps; Intune won\u2019t audit your users\u2019 SaaS apps. Microsoft\u2019s Defender for Cloud Apps is a CASB that\u2019s billed and managed separately from Intune. Other options include extending Active Directory with SSO and IT asset management.<\/p>\n\n\n\n The next section examines JumpCloud, an open directory platform that provides unified IAM and device management. The open directory provides similar app reporting to Intune, and more. <\/p>\n\n\n\n JumpCloud admins can select Devices > Insights > Software to generate a report on programs that are installed on a particular device that includes names, installation dates, and versioning. It will also inventory any browser extensions that are present for Chrome and Microsoft browsers.<\/p>\n\n\n\n It\u2019s also possible to use JumpCloud\u2019s PowerShell module to create a custom report<\/a> fleetwide.<\/p>\n\n\n\n This is also helpful when apps are mandatory or may have unused\/underutilized licenses. Integrated app lifecycle management is also available though the device console.<\/p>\n\n\n\n Admins may also monitor SaaS app usage using the built-in User to SSO Applications report<\/a> without purchasing a separate subscription. It returns all user attributes and SSO application associations for each user. The capacity to discover unauthorized SSO apps is coming soon.<\/p>\n\n\n\n JumpCloud acquired Resmo<\/a>, an asset management and SaaS security solution, to provide a unified solution of SaaS, IT security, and asset management. Its all-in-one approach will assist with eliminating shadow IT through full visibility into apps and cloud infrastructure.<\/p>\n\n\n\n Intune and JumpCloud have similar features to discover locally installed apps. The actual differences are slight: for instance, Intune provides a GUI for fleet-wide app management; JumpCloud offers PowerShell or JumpCloud will look out for installed browser extensions. <\/p>\n\n\n\n The overall product architectures, optionality, and how the services are bundled differ.<\/p>\n\n\n\n Learn how IdP federation<\/a> works with JumpCloud.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n JumpCloud offers IAM and cross-OS device management in an open directory platform that serves as either the core IdP or federates with other IdPs like Active Directory integration<\/a>, Okta, and Google. It features cloud LDAP, RADIUS, SSO, and multi-factor authentication (MFA) with passwordless modern authentication<\/a> that\u2019s phishing-resistant for better security.<\/p>\n\n\n\n The platform also includes optional conditional access<\/a>, remote assist<\/a>, privilege management<\/a>, and cross-OS patch management<\/a> to grant users secure, Frictionless Access\u2122 to everything they need to do their work however they choose. IT admins get centralized user, system, and non-system resource management across their entire environment.<\/p>\n\n\n\n If you would like to learn more about JumpCloud, please reach out<\/a> to us. Try JumpCloud for free<\/a> and find out if it\u2019s the right option to help your organization to eliminate shadow IT.<\/p>\n","protected":false},"excerpt":{"rendered":" Intune and JumpCloud can uncover Shadow IT but JumpCloud works with other Identity Providers.<\/p>\n","protected":false},"author":150,"featured_media":113304,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"categories":[2753],"tags":[],"collection":[2778,2779],"platform":[],"funnel_stage":[3015],"coauthors":[2535],"acf":[],"yoast_head":"\nTechniques to Discover Shadow IT<\/h2>\n\n\n\n
<\/p><\/div>
Talk to Your People<\/h3>\n\n\n\n
Cloud Access Security Brokers (CASBs)<\/h3>\n\n\n\n
Network Monitoring<\/h3>\n\n\n\n
<\/figure>\n\n\n\n
\n
Regular Audits<\/h3>\n\n\n\n
\n <\/div>\n
Spend Management Solutions<\/h3>\n\n\n\n
Employee Education and Engagement<\/h3>\n\n\n\n
SaaS Management Platforms<\/h3>\n\n\n\n
<\/p><\/div>
Using Intune to Discover Shadow IT<\/h2>\n\n\n\n
<\/figure>\n\n\n\n
<\/figure>\n\n\n\n
<\/p><\/div>
Using JumpCloud to Discover Shadow IT<\/h2>\n\n\n\n
<\/figure>\n\n\n\n
<\/figure>\n\n\n\n
Differences Between Intune and JumpCloud<\/h2>\n\n\n\n
\n
<\/p><\/div>
Demo JumpCloud<\/h2>\n\n\n\n